@microsoft/agents-hosting 1.1.0-alpha.5 → 1.1.0-alpha.75

package/dist/src/app/{authorization.d.ts → auth/authorization.d.ts}

@@ -2,45 +2,11 @@
  * Copyright (c) Microsoft Corporation. All rights reserved.
  * Licensed under the MIT License.
  */
-import { TurnContext } from '../turnContext';
-import { TurnState } from './turnState';
-import { Storage } from '../storage';
-import { OAuthFlow, TokenResponse, UserTokenClient } from '../oauth';
-import { Activity } from '@microsoft/agents-activity';
-/**
- * Represents the state of a sign-in process.
- * @interface SignInState
- */
-export interface SignInState {
-    /** Optional activity to continue with after sign-in completion. */
-    continuationActivity?: Activity;
-    /** Identifier of the auth handler being used. */
-    handlerId?: string;
-    /** Whether the sign-in process has been completed. */
-    completed?: boolean;
-}
-/**
- * Interface defining an authorization handler for OAuth flows.
- * @interface AuthHandler
- */
-export interface AuthHandler {
-    /** Connection name for the auth provider. */
-    name?: string;
-    /** The OAuth flow implementation. */
-    flow?: OAuthFlow;
-    /** Title to display on auth cards/UI. */
-    title?: string;
-    /** Text to display on auth cards/UI. */
-    text?: string;
-    cnxPrefix?: string;
-}
-/**
- * Options for configuring user authorization.
- * Contains settings to configure OAuth connections.
- * @interface AuthorizationHandlers
- */
-export interface AuthorizationHandlers extends Record<string, AuthHandler> {
-}
+import { TokenResponse } from '../../oauth';
+import { TurnContext } from '../../turnContext';
+import { TurnState } from '../turnState';
+import { AuthorizationManager } from './authorizationManager';
+import { AuthorizationHandlerTokenOptions } from './types';
 /**
  * Class responsible for managing authorization and OAuth flows.
  * Handles multiple OAuth providers and manages the complete authentication lifecycle.
@@ -57,58 +23,14 @@ export interface AuthorizationHandlers extends Record<string, AuthHandler> {
  * - Sign-in success/failure event handling
  * - Automatic configuration from environment variables
  *
- * @example
- * ```typescript
- * const auth = new Authorization(storage, {
- *   'microsoft': {
- *     name: 'Microsoft',
- *     title: 'Sign in with Microsoft',
- *     text: 'Please sign in'
- *   }
- * });
- *
- * auth.onSignInSuccess(async (context, state) => {
- *   await context.sendActivity('Welcome! You are now signed in.');
- * });
- * ```
- *
  */
 export declare class Authorization {
-    private storage;
-    /**
-     * Dictionary of configured authentication handlers.
-     * @public
-     */
-    authHandlers: AuthorizationHandlers;
+    private manager;
     /**
      * Creates a new instance of Authorization.
-     *
-     * @remarks
-     * The constructor initializes all configured auth handlers and sets up OAuth flows.
-     * It automatically configures handler properties from environment variables if not provided:
-     * - Connection name: {handlerId}_connectionName
-     * - Connection title: {handlerId}_connectionTitle
-     * - Connection text: {handlerId}_connectionText
-     *
-     * @example
-     * ```typescript
-     * const auth = new Authorization(storage, {
-     *   'microsoft': {
-     *     name: 'Microsoft',
-     *     title: 'Sign in with Microsoft'
-     *   },
-     *   'google': {
-     *     // Will use GOOGLE_connectionName from env vars
-     *   }
-     * });
-     * ```
-     *
-     * @param storage - The storage system to use for state management.
-     * @param authHandlers - Configuration for OAuth providers.
-     * @throws {Error} If storage is null/undefined or no auth handlers are provided.
-     *
+     * @param manager The AuthorizationManager instance to manage handlers.
      */
-    constructor(storage: Storage, authHandlers: AuthorizationHandlers, userTokenClient: UserTokenClient);
+    constructor(manager: AuthorizationManager);
     /**
      * Gets the token for a specific auth handler.
      *
@@ -133,15 +55,7 @@ export declare class Authorization {
      */
     getToken(context: TurnContext, authHandlerId: string): Promise<TokenResponse>;
     /**
-     * Gets the auth handler by ID or throws an error if not found.
-     *
-     * @param authHandlerId - ID of the auth handler to retrieve.
-     * @returns The auth handler instance.
-     * @throws {Error} If the auth handler with the specified ID is not configured.
-     * @private
-     */
-    private getAuthHandlerOrThrow;
-    /**
+     * @deprecated
      * Exchanges a token for a new token with different scopes.
      *
      * @param context - The context object for the current turn.
@@ -168,53 +82,34 @@ export declare class Authorization {
      */
     exchangeToken(context: TurnContext, scopes: string[], authHandlerId: string): Promise<TokenResponse>;
     /**
-     * Checks if a token is exchangeable for an on-behalf-of flow.
-     *
-     * @param token - The token to check.
-     * @returns True if the token is exchangeable, false otherwise.
-     * @private
-     */
-    private isExchangeable;
-    /**
-     * Handles on-behalf-of token exchange using MSAL.
-     *
-     * @param context - The context object for the current turn.
-     * @param token - The token to exchange.
-     * @param scopes - Array of scopes to request for the new token.
-     * @returns A promise that resolves to the exchanged token response.
-     * @private
-     */
-    private handleObo;
-    /**
-     * Begins or continues an OAuth flow.
+     * Exchanges a token for a new token with different scopes.
      *
      * @param context - The context object for the current turn.
-     * @param state - The state object for the current turn.
      * @param authHandlerId - ID of the auth handler to use.
-     * @returns A promise that resolves to the token response from the OAuth provider.
+     * @param options - Optional token options. If `connection` and `scopes` are NOT provided, the auth handler's configured options are used
+     * (`AgentApplication.authorization.obo.connection` and `AgentApplication.authorization.obo.scopes`), and the token exchange operation will happen automatically,
+     * meaning that this method should not be called, otherwise it will perform the token exchange operation twice.
+     * Provide `options` only when you need to override the `AgentApplication.authorization.obo` configuration for a specific call.
+     * @returns A promise that resolves to the exchanged token response.
      * @throws {Error} If the auth handler is not configured.
      *
      * @remarks
-     * This method manages the complete OAuth authentication flow:
-     * - If no flow is active, it begins a new OAuth flow and shows the sign-in card
-     * - If a flow is active, it continues the flow and processes the authentication response
-     * - Handles success/failure callbacks and updates the sign-in state accordingly
-     *
-     * The method automatically manages the sign-in state and continuation activities,
-     * allowing the conversation to resume after successful authentication.
+     * This method handles token exchange scenarios, particularly for on-behalf-of (OBO) flows.
+     * It checks if the current token is exchangeable (e.g., has audience starting with 'api://')
+     * and performs the appropriate token exchange using MSAL.
      *
      * @example
      * ```typescript
-     * const tokenResponse = await auth.beginOrContinueFlow(context, state, 'microsoft');
-     * if (tokenResponse && tokenResponse.token) {
-     *   // User is now authenticated
-     *   await context.sendActivity('Authentication successful!');
-     * }
+     * const exchangedToken = await auth.exchangeToken(
+     *   context,
+     *   'microsoft',
+     *   { connection: 'oboConnection', scopes: ['https://graph.microsoft.com/.default'] }
+     * });
      * ```
      *
      * @public
      */
-    beginOrContinueFlow(context: TurnContext, state: TurnState, authHandlerId: string, secRoute?: boolean): Promise<TokenResponse>;
+    exchangeToken(context: TurnContext, authHandlerId: string, options?: AuthorizationHandlerTokenOptions): Promise<TokenResponse>;
     /**
      * Signs out the current user.
      *
@@ -241,11 +136,6 @@ export declare class Authorization {
      * @public
      */
     signOut(context: TurnContext, state: TurnState, authHandlerId?: string): Promise<void>;
-    /**
-     * Private handler for successful sign-in events.
-     * @private
-     */
-    _signInSuccessHandler: ((context: TurnContext, state: TurnState, authHandlerId?: string) => Promise<void>) | null;
     /**
      * Sets a handler to be called when sign-in is successfully completed.
      *
@@ -267,11 +157,6 @@ export declare class Authorization {
      * @public
      */
     onSignInSuccess(handler: (context: TurnContext, state: TurnState, authHandlerId?: string) => Promise<void>): void;
-    /**
-     * Private handler for failed sign-in events.
-     * @private
-     */
-    _signInFailureHandler: ((context: TurnContext, state: TurnState, authHandlerId?: string, errorMessage?: string) => Promise<void>) | null;
     /**
      * Sets a handler to be called when sign-in fails.
      *
@@ -299,4 +184,13 @@ export declare class Authorization {
      * @public
      */
     onSignInFailure(handler: (context: TurnContext, state: TurnState, authHandlerId?: string, errorMessage?: string) => Promise<void>): void;
+    /**
+     * Gets the auth handler by ID or throws an error if not found.
+     *
+     * @param id - ID of the auth handler to retrieve.
+     * @returns The auth handler instance.
+     * @throws {Error} If the auth handler with the specified ID is not configured.
+     * @private
+     */
+    private getHandler;
 }

package/dist/src/app/auth/authorization.js

@@ -0,0 +1,188 @@
+"use strict";
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Authorization = void 0;
+const logger_1 = require("@microsoft/agents-activity/logger");
+const turnState_1 = require("../turnState");
+const logger = (0, logger_1.debug)('agents:authorization');
+/**
+ * Class responsible for managing authorization and OAuth flows.
+ * Handles multiple OAuth providers and manages the complete authentication lifecycle.
+ *
+ * @remarks
+ * The Authorization class provides a centralized way to handle OAuth authentication
+ * flows within the agent application. It supports multiple authentication handlers,
+ * token exchange, on-behalf-of flows, and provides event handlers for success/failure scenarios.
+ *
+ * Key features:
+ * - Multiple OAuth provider support
+ * - Token caching and exchange
+ * - On-behalf-of (OBO) token flows
+ * - Sign-in success/failure event handling
+ * - Automatic configuration from environment variables
+ *
+ */
+class Authorization {
+    /**
+     * Creates a new instance of Authorization.
+     * @param manager The AuthorizationManager instance to manage handlers.
+     */
+    constructor(manager) {
+        this.manager = manager;
+    }
+    /**
+     * Gets the token for a specific auth handler.
+     *
+     * @param context - The context object for the current turn.
+     * @param authHandlerId - ID of the auth handler to use.
+     * @returns A promise that resolves to the token response from the OAuth provider.
+     * @throws {Error} If the auth handler is not configured.
+     *
+     * @remarks
+     * This method retrieves an existing token for the specified auth handler.
+     * The token may be cached and will be retrieved from the OAuth provider if needed.
+     *
+     * @example
+     * ```typescript
+     * const tokenResponse = await auth.getToken(context, 'microsoft');
+     * if (tokenResponse.token) {
+     *   console.log('User is authenticated');
+     * }
+     * ```
+     *
+     * @public
+     */
+    async getToken(context, authHandlerId) {
+        const handler = this.getHandler(authHandlerId);
+        const { token } = await handler.token(context);
+        return { token };
+    }
+    /**
+     * @internal
+     * Internal implementation of exchangeToken method.
+     * Handles both overloads and performs the actual token exchange logic.
+     */
+    async exchangeToken(context, authHandlerId, options) {
+        if (authHandlerId instanceof Array && typeof options === 'string') {
+            logger.warn('Authorization.exchangeToken(context, scopes, authHandlerId) is deprecated. Use Authorization.exchangeToken(context, authHandlerId, options) instead.');
+            const [handlerId, handlerScopes] = [options, authHandlerId];
+            return this.exchangeToken(context, handlerId, { scopes: handlerScopes });
+        }
+        if (typeof authHandlerId === 'string' && typeof options !== 'string') {
+            const handler = this.getHandler(authHandlerId);
+            const { token } = await handler.token(context, options);
+            return { token };
+        }
+        throw new Error('Invalid parameters for exchangeToken method.');
+    }
+    /**
+     * Signs out the current user.
+     *
+     * @param context - The context object for the current turn.
+     * @param state - The state object for the current turn.
+     * @param authHandlerId - Optional ID of the auth handler to use for sign out. If not provided, signs out from all handlers.
+     * @returns A promise that resolves when sign out is complete.
+     * @throws {Error} If the specified auth handler is not configured.
+     *
+     * @remarks
+     * This method clears the user's token and resets the authentication state.
+     * If no specific authHandlerId is provided, it signs out from all configured handlers.
+     * This ensures complete cleanup of authentication state across all providers.
+     *
+     * @example
+     * ```typescript
+     * // Sign out from specific handler
+     * await auth.signOut(context, state, 'microsoft');
+     *
+     * // Sign out from all handlers
+     * await auth.signOut(context, state);
+     * ```
+     *
+     * @public
+     */
+    async signOut(context, state, authHandlerId) {
+        if (authHandlerId) {
+            await this.getHandler(authHandlerId).signout(context);
+        }
+        else {
+            for (const handler of Object.values(this.manager.handlers)) {
+                await handler.signout(context);
+            }
+        }
+    }
+    /**
+     * Sets a handler to be called when sign-in is successfully completed.
+     *
+     * @param handler - The handler function to call on successful sign-in.
+     *
+     * @remarks
+     * This method allows you to register a callback that will be invoked whenever
+     * a user successfully completes the authentication process. The handler receives
+     * the turn context, state, and the ID of the auth handler that was used.
+     *
+     * @example
+     * ```typescript
+     * auth.onSignInSuccess(async (context, state, authHandlerId) => {
+     *   await context.sendActivity(`Welcome! You signed in using ${authHandlerId}.`);
+     *   // Perform any post-authentication setup
+     * });
+     * ```
+     *
+     * @public
+     */
+    onSignInSuccess(handler) {
+        for (const authHandler of Object.values(this.manager.handlers)) {
+            authHandler.onSuccess((context) => handler(context, new turnState_1.TurnState(), authHandler.id));
+        }
+    }
+    /**
+     * Sets a handler to be called when sign-in fails.
+     *
+     * @param handler - The handler function to call on sign-in failure.
+     *
+     * @remarks
+     * This method allows you to register a callback that will be invoked whenever
+     * a user's authentication attempt fails. The handler receives the turn context,
+     * state, auth handler ID, and an optional error message describing the failure.
+     *
+     * Common failure scenarios include:
+     * - User cancels the authentication process
+     * - Invalid credentials or expired tokens
+     * - Network connectivity issues
+     * - OAuth provider errors
+     *
+     * @example
+     * ```typescript
+     * auth.onSignInFailure(async (context, state, authHandlerId, errorMessage) => {
+     *   await context.sendActivity(`Sign-in failed: ${errorMessage || 'Unknown error'}`);
+     *   await context.sendActivity('Please try signing in again.');
+     * });
+     * ```
+     *
+     * @public
+     */
+    onSignInFailure(handler) {
+        for (const authHandler of Object.values(this.manager.handlers)) {
+            authHandler.onFailure((context, reason) => handler(context, new turnState_1.TurnState(), authHandler.id, reason));
+        }
+    }
+    /**
+     * Gets the auth handler by ID or throws an error if not found.
+     *
+     * @param id - ID of the auth handler to retrieve.
+     * @returns The auth handler instance.
+     * @throws {Error} If the auth handler with the specified ID is not configured.
+     * @private
+     */
+    getHandler(id) {
+        if (!Object.prototype.hasOwnProperty.call(this.manager.handlers, id)) {
+            throw new Error(`Cannot find auth handler with ID '${id}'. Ensure it is configured in the agent application options.`);
+        }
+        return this.manager.handlers[id];
+    }
+}
+exports.Authorization = Authorization;
+//# sourceMappingURL=authorization.js.map

package/dist/src/app/auth/authorization.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization.js","sourceRoot":"","sources":["../../../../src/app/auth/authorization.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,8DAAyD;AAGzD,4CAAwC;AAIxC,MAAM,MAAM,GAAG,IAAA,cAAK,EAAC,sBAAsB,CAAC,CAAA;AAE5C;;;;;;;;;;;;;;;;GAgBG;AACH,MAAa,aAAa;IACxB;;;OAGG;IACH,YAAqB,OAA6B;QAA7B,YAAO,GAAP,OAAO,CAAsB;IAAG,CAAC;IAEtD;;;;;;;;;;;;;;;;;;;;;OAqBG;IACI,KAAK,CAAC,QAAQ,CAAE,OAAoB,EAAE,aAAqB;QAChE,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;QAC9C,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAC9C,OAAO,EAAE,KAAK,EAAE,CAAA;IAClB,CAAC;IA2DD;;;;OAIG;IACI,KAAK,CAAC,aAAa,CAAE,OAAoB,EAAE,aAAgC,EAAE,OAAmD;QACrI,IAAI,aAAa,YAAY,KAAK,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAClE,MAAM,CAAC,IAAI,CAAC,sJAAsJ,CAAC,CAAA;YACnK,MAAM,CAAC,SAAS,EAAE,aAAa,CAAC,GAAG,CAAC,OAAO,EAAE,aAAa,CAAC,CAAA;YAC3D,OAAO,IAAI,CAAC,aAAa,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAA;QAC1E,CAAC;QAED,IAAI,OAAO,aAAa,KAAK,QAAQ,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YACrE,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAA;YAC9C,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;YACvD,OAAO,EAAE,KAAK,EAAE,CAAA;QAClB,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAA;IACjE,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;OAwBG;IACI,KAAK,CAAC,OAAO,CAAE,OAAoB,EAAE,KAAgB,EAAE,aAAsB;QAClF,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;QACvD,CAAC;aAAM,CAAC;YACN,KAAK,MAAM,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC3D,MAAM,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;YAChC,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;;;;;;;OAmBG;IACI,eAAe,CAAE,OAA0F;QAChH,KAAK,MAAM,WAAW,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/D,WAAW,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,qBAAS,EAAE,EAAE,WAAW,CAAC,EAAE,CAAC,CAAC,CAAA;QACvF,CAAC;IACH,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;OAyBG;IACI,eAAe,CAAE,OAAiH;QACvI,KAAK,MAAM,WAAW,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC/D,WAAW,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,qBAAS,EAAE,EAAE,WAAW,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC,CAAA;QACvG,CAAC;IACH,CAAC;IAED;;;;;;;OAOG;IACK,UAAU,CAAE,EAAU;QAC5B,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,EAAE,CAAC;YACrE,MAAM,IAAI,KAAK,CAAC,qCAAqC,EAAE,8DAA8D,CAAC,CAAA;QACxH,CAAC;QACD,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;IAClC,CAAC;CACF;AA5ND,sCA4NC"}

package/dist/src/app/auth/authorizationManager.d.ts

@@ -0,0 +1,71 @@
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+import { Activity } from '@microsoft/agents-activity';
+import { AgentApplication } from '../agentApplication';
+import { TurnContext } from '../../turnContext';
+import { AuthorizationHandler } from './types';
+import { Connections } from '../../auth/connections';
+/**
+ * Result of the authorization manager process.
+ */
+export interface AuthorizationManagerProcessResult {
+    /**
+     * Indicates whether the authorization was successful.
+     */
+    authorized: boolean;
+}
+/**
+ * Function to retrieve handler IDs for the current activity.
+ */
+export type GetHandlerIds = (activity: Activity) => string[] | Promise<string[]>;
+/**
+ * Manages multiple authorization handlers and their interactions.
+ * Processes authorization requests and maintains handler states.
+ * @remarks
+ * This class is responsible for coordinating the authorization process
+ * across multiple handlers, ensuring that each handler is invoked in
+ * the correct order and with the appropriate context.
+ */
+export declare class AuthorizationManager {
+    private app;
+    private _handlers;
+    /**
+     * Creates an instance of the AuthorizationManager.
+     * @param app The agent application instance.
+     */
+    constructor(app: AgentApplication<any>, connections: Connections);
+    /**
+     * Loads and validates the authorization handler options.
+     */
+    private loadOptions;
+    /**
+     * Gets the registered authorization handlers.
+     * @returns A record of authorization handlers by their IDs.
+     */
+    get handlers(): Record<string, AuthorizationHandler>;
+    /**
+     * Processes an authorization request.
+     * @param context The turn context.
+     * @param getHandlerIds A function to retrieve the handler IDs for the current activity.
+     * @returns The result of the authorization process.
+     */
+    process(context: TurnContext, getHandlerIds: GetHandlerIds): Promise<AuthorizationManagerProcessResult>;
+    /**
+     * Gets the active handler session from storage.
+     */
+    private active;
+    /**
+     * Attempts to sign in using the specified handler and options.
+     */
+    private signin;
+    /**
+     * Maps an array of handler IDs to their corresponding handler instances.
+     */
+    private mapHandlers;
+    /**
+     * Prefixes a message with the handler ID.
+     */
+    private prefix;
+}

package/dist/src/app/auth/authorizationManager.js

@@ -0,0 +1,170 @@
+"use strict";
+/**
+ * Copyright (c) Microsoft Corporation. All rights reserved.
+ * Licensed under the MIT License.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationManager = void 0;
+const agents_activity_1 = require("@microsoft/agents-activity");
+const handlers_1 = require("./handlers");
+const handlerStorage_1 = require("./handlerStorage");
+const types_1 = require("./types");
+const logger = (0, agents_activity_1.debug)('agents:authorization:manager');
+/**
+ * Manages multiple authorization handlers and their interactions.
+ * Processes authorization requests and maintains handler states.
+ * @remarks
+ * This class is responsible for coordinating the authorization process
+ * across multiple handlers, ensuring that each handler is invoked in
+ * the correct order and with the appropriate context.
+ */
+class AuthorizationManager {
+    /**
+     * Creates an instance of the AuthorizationManager.
+     * @param app The agent application instance.
+     */
+    constructor(app, connections) {
+        this.app = app;
+        this._handlers = {};
+        if (!app.options.storage) {
+            throw new Error('Storage is required for Authorization. Ensure that a storage provider is configured in the AgentApplication options.');
+        }
+        if (app.options.authorization === undefined || Object.keys(app.options.authorization).length === 0) {
+            throw new Error('The AgentApplication.authorization does not have any auth handlers');
+        }
+        const settings = { storage: app.options.storage, connections };
+        for (const [id, handler] of Object.entries(app.options.authorization)) {
+            const options = this.loadOptions(id, handler);
+            if (options.type === 'agentic') {
+                this._handlers[id] = new handlers_1.AgenticAuthorization(id, options, settings);
+            }
+            else {
+                this._handlers[id] = new handlers_1.AzureBotAuthorization(id, options, settings);
+            }
+        }
+    }
+    /**
+     * Loads and validates the authorization handler options.
+     */
+    loadOptions(id, options) {
+        var _a, _b;
+        const result = {
+            ...options,
+            type: (_b = ((_a = options.type) !== null && _a !== void 0 ? _a : process.env[`${id}_type`])) === null || _b === void 0 ? void 0 : _b.toLowerCase(),
+        };
+        // Validate supported types, agentic, and default (Azure Bot - undefined)
+        const supportedTypes = ['agentic', undefined];
+        if (!supportedTypes.includes(result.type)) {
+            throw new Error(`Unsupported authorization handler type: '${result.type}' for auth handler: '${id}'. Supported types are: '${supportedTypes.filter(Boolean).join('\', \'')}'.`);
+        }
+        return result;
+    }
+    /**
+     * Gets the registered authorization handlers.
+     * @returns A record of authorization handlers by their IDs.
+     */
+    get handlers() {
+        return this._handlers;
+    }
+    /**
+     * Processes an authorization request.
+     * @param context The turn context.
+     * @param getHandlerIds A function to retrieve the handler IDs for the current activity.
+     * @returns The result of the authorization process.
+     */
+    async process(context, getHandlerIds) {
+        var _a, _b, _c;
+        const storage = new handlerStorage_1.HandlerStorage(this.app.options.storage, context);
+        let active = await this.active(storage, getHandlerIds);
+        const handlers = (_c = (_a = active === null || active === void 0 ? void 0 : active.handlers) !== null && _a !== void 0 ? _a : this.mapHandlers((_b = await getHandlerIds(context.activity)) !== null && _b !== void 0 ? _b : [])) !== null && _c !== void 0 ? _c : [];
+        for (const handler of handlers) {
+            const status = await this.signin(storage, handler, context, active === null || active === void 0 ? void 0 : active.data);
+            logger.debug(this.prefix(handler.id, `Sign-in status: ${status}`));
+            if (status === types_1.AuthorizationHandlerStatus.IGNORED) {
+                await storage.delete();
+                return { authorized: true };
+            }
+            if (status === types_1.AuthorizationHandlerStatus.PENDING) {
+                return { authorized: false };
+            }
+            if (status === types_1.AuthorizationHandlerStatus.REJECTED) {
+                await storage.delete();
+                return { authorized: false };
+            }
+            if (status === types_1.AuthorizationHandlerStatus.REVALIDATE) {
+                await storage.delete();
+                return this.process(context, getHandlerIds);
+            }
+            if (status !== types_1.AuthorizationHandlerStatus.APPROVED) {
+                throw new Error(this.prefix(handler.id, `Unexpected registration status: ${status}`));
+            }
+            await storage.delete();
+            if (active) {
+                // Restore the original activity in the turn context for the next handler to process.
+                // This is done like this to avoid losing data that may be set in the turn context.
+                context._activity = agents_activity_1.Activity.fromObject(active.data.activity);
+                active = undefined;
+            }
+        }
+        return { authorized: true };
+    }
+    /**
+     * Gets the active handler session from storage.
+     */
+    async active(storage, getHandlerIds) {
+        var _a;
+        const data = await storage.read();
+        if (!data) {
+            return;
+        }
+        const handlerIds = await getHandlerIds(agents_activity_1.Activity.fromObject(data.activity));
+        let handlers = this.mapHandlers(handlerIds !== null && handlerIds !== void 0 ? handlerIds : []);
+        // Sort handlers to ensure the active handler is processed first, to ensure continuity.
+        handlers = (_a = handlers.sort((a, b) => {
+            if (a.id === data.id) {
+                return -1;
+            }
+            if (b.id === data.id) {
+                return 1;
+            }
+            return 0;
+        })) !== null && _a !== void 0 ? _a : [];
+        return { data, handlers };
+    }
+    /**
+     * Attempts to sign in using the specified handler and options.
+     */
+    async signin(storage, handler, context, active) {
+        try {
+            return await handler.signin(context, active);
+        }
+        catch (cause) {
+            await storage.delete();
+            throw new Error(this.prefix(handler.id, 'Failed to sign in'), { cause });
+        }
+    }
+    /**
+     * Maps an array of handler IDs to their corresponding handler instances.
+     */
+    mapHandlers(ids) {
+        let unknownHandlers = '';
+        const handlers = ids.map(id => {
+            if (!this._handlers[id]) {
+                unknownHandlers += ` ${id}`;
+            }
+            return this._handlers[id];
+        });
+        if (unknownHandlers) {
+            throw new Error(`Cannot find auth handlers with ID(s): ${unknownHandlers}`);
+        }
+        return handlers;
+    }
+    /**
+     * Prefixes a message with the handler ID.
+     */
+    prefix(id, message) {
+        return `[handler:${id}] ${message}`;
+    }
+}
+exports.AuthorizationManager = AuthorizationManager;
+//# sourceMappingURL=authorizationManager.js.map